all: add basic USB fuzzing support

This commits implements 4 syzcalls: syz_usb_connect, syz_usb_io_control, syz_usb_ep_write and syz_usb_disconnect. Those syzcalls are used to emit USB packets through a custom GadgetFS-like interface (currently exposed at /sys/kernel/debug/usb-fuzzer), which requires special kernel patches. USB fuzzing support is quite basic, as it mostly covers only the USB device enumeration process. Even though the syz_usb_ep_write syzcall does allow to communicate with USB endpoints after the device has been enumerated, no coverage is collected from that code yet.
author: Andrey Konovalov <andreyknvl@google.com> 2019-04-11 15:44:07 +0200
committer: Dmitry Vyukov <dvyukov@google.com> 2019-04-11 16:24:45 +0200
commit: f4a3dc91283f5ab016f166ffec32f9c08e0ba174 (patch)
tree: 322e6242062367a881530c527e84da5b4cc265e3 /executor/common_linux.h
parent: 10e721ba9292fd30750d4c38e11a15d2fbab8f23 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index 0fd7a1582..2d1460ee6 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -798,6 +798,21 @@ static long syz_extract_tcp_res(volatile long a0, volatile long a1, volatile lon
 }
 #endif
 
+#if SYZ_EXECUTOR || __NR_syz_usb_connect
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/usb/ch9.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include "common_usb.h"
+#endif
+
 #if SYZ_EXECUTOR || __NR_syz_open_dev
 #include <fcntl.h>
 #include <string.h>
author	Andrey Konovalov <andreyknvl@google.com>	2019-04-11 15:44:07 +0200
committer	Dmitry Vyukov <dvyukov@google.com>	2019-04-11 16:24:45 +0200
commit	f4a3dc91283f5ab016f166ffec32f9c08e0ba174 (patch)
tree	322e6242062367a881530c527e84da5b4cc265e3 /executor/common_linux.h
parent	10e721ba9292fd30750d4c38e11a15d2fbab8f23 (diff)